RSS   Vulnerabilities for 'Phpfreenews'   RSS

2005-08-23
 
CVE-2005-2638

 

 
Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php.

 
 
CVE-2005-2637

 

 
Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top